package com.base.filter;

import java.util.ArrayList;
import java.util.HashMap;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.opensymphony.xwork2.ActionInvocation;
import com.soar.interceptor.AbsActionAuthInterceptor;

public class AuthInterceptor extends AbsActionAuthInterceptor
{

	private static final long serialVersionUID = 1L;

	private static final Log log = LogFactory.getLog(AuthInterceptor.class);

	@SuppressWarnings("unchecked")
	@Override
	protected String authIntercept(ActionInvocation invocation, HttpServletRequest request, HttpServletResponse response, String actionName, String actionMethod, String namespace) throws Exception
	{

		log.info("NameSpace:" + namespace);
		log.info("ActionName:" + actionName);
		log.info("ActionMethod:" + actionMethod);
		if (request.getSession().getAttribute(AbsActionAuthInterceptor.INTERCEPTOR_ACTION_AUTH) == null)
		{
			response.sendError(403);
		}
		else
		{
			HashMap<String, ArrayList<String>> auths = (HashMap<String, ArrayList<String>>) request.getSession().getAttribute(AbsActionAuthInterceptor.INTERCEPTOR_ACTION_AUTH);
			StringBuffer fullPath = new StringBuffer(namespace).append("/").append(actionName);
			ArrayList<String> arrayList = auths.get(fullPath.toString());
			if (arrayList != null && arrayList.contains(actionMethod))
			{
				return invocation.invoke();
			}
			else
			{
				response.sendError(403);
			}
		}

		return null;
	}

}
